Loading ...
Sorry, an error occurred while loading the content.

Re: VIRUS ALERT... the full story

Expand Messages
  • blademaster01757
    You do know I hope that there is a copy of this damned thing right here in the group archives. Hopefully no one will accidently open the bloody thing. Is there
    Message 1 of 5 , Mar 1, 2002
    • 0 Attachment
      You do know I hope that there is a copy of this damned thing right
      here in the group archives. Hopefully no one will accidently open the
      bloody thing. Is there any way we can delete it or is that something
      that only our absentee admiral/moderator can do?

      Captain John
      The Admiralty


      --- In Bolitho@y..., "James Goddard" <snapdragonxxx@h...> wrote:
      > Win32.Magistr.29188
      > A destructive polymorphic binary virus/worm targeting Windows
      9x/ME/2K systems.
      >
      > Computer Associates International, Inc.
      > September 12, 2001
      >
      >
      >
      > Also known as W32/Magistr.B, Win32.Magistr.B@mm and I-Worm
      Magistr.b
      >
      >
      >
      > For more information, please visit the Win32.Magistr.29188
      description in our Virus Encyclopedia.
      > Win32/Magistr.29188 is a new variant of the
      Win32/Magistr.24876 worm/virus. This updated version of Magistr has
      some features that make it a little more evasive although at the same
      time, increasing its potential for propagating on Windows 98/NT/2000
      machines. Its core functionality remains intact - infecting Windows
      executable files, mailing out infected files over the Internet, and
      spreading itself over a local network.
      >
      > Using its own SMTP engine, the worm component is able to
      generate email using addresses from various sources - DBX (Outlook
      Express), WAB (Windows Address Book), and MBX (Eudora Address Book)
      files. The email subject/body/attachment name is constructed at random
      from .txt or .doc files found on the infected machine.
      >
      > The virus component will search a greater number of "Windows"
      directories during its infection cycle while, at the same time,
      deleting any *.NTZ files it finds. Similar to the original, a copy of
      a random file is dropped into the Windows directory, but thereafter,
      it also adds itself to the "shell=" line in the "[boot]" section in
      SYSTEM.INI.
      >
      > Many of the payloads from the original Magistr.24876,
      including erasing hard drive data and CMOS/Flash memory on Win9x
      systems, have been changed to trigger within a shorter time span upon
      being executed in this variant.
    • Robert Squarebriggs
      Thank you James, it s a nasty bugger, isn t it. Too bad we couldn t locate the little useless ^%$*&^! that has nothing better to do but develop these things
      Message 2 of 5 , Mar 1, 2002
      • 0 Attachment
        Thank you James, it's a nasty bugger, isn't it.
         
        Too bad we couldn't locate the little useless ^%$*&^! that has nothing better to do but develop these things and take him to sea with us.  From where I could he would never be seen again!  Good sailors could devise all sorts of "interesting" entertainments for him till he disappeared over the side with a couple of roundshot at his dirty little feet!
         
        I remain................
         
        Commodore Bob
        HMS Intrepid
      • darkkitten1
        A post can be deleted from the archive, but as far as I know only by the person who posted it. So Commodore Bob, if you go to the archive and pull up your post
        Message 3 of 5 , Mar 1, 2002
        • 0 Attachment
          A post can be deleted from the archive, but as far as I know only
          by the person who posted it. So Commodore Bob, if you go to the
          archive and pull up your post with the virus, I think you can delete
          that post, so no one accidentally gets the virus from the archive. I
          deleted a post once. I don't remember exactly how I did it, but it
          did work and it seemed pretty intuitive.

          Midshipman DK
          HM Sloope Sharke (20)

          --- In Bolitho@y..., "blademaster01757" <jjts01757@y...> wrote:
          > You do know I hope that there is a copy of this damned thing
          right
          > here in the group archives. Hopefully no one will accidently
          open the
          > bloody thing. Is there any way we can delete it or is that
          something
          > that only our absentee admiral/moderator can do?
        • Robert Squarebriggs
          My dear Lt DK, Your recommendation has been duly exicuted. The message containing the bug , is no more! I thank you for your advice. I remain...............
          Message 4 of 5 , Mar 1, 2002
          • 0 Attachment
            My dear Lt DK,

            Your recommendation has been duly exicuted. The message containing the
            "bug", is no more!

            I thank you for your advice.

            I remain...............

            Commodore Bob
            HMS Intrepid


            > A post can be deleted from the archive, but as far as I know only
            > by the person who posted it. So Commodore Bob, if you go to the
            > archive and pull up your post with the virus, I think you can delete
            > that post, so no one accidentally gets the virus from the archive. I
            > deleted a post once. I don't remember exactly how I did it, but it
            > did work and it seemed pretty intuitive.
            >
            > Midshipman DK
            > HM Sloope Sharke (20)
          Your message has been successfully submitted and would be delivered to recipients shortly.